Don't undo progress, California legislator asks

SAN FRANCISCO ' The author of California's data breach notification law today advised Congress to be careful in passing a nationwide law to protect consumers from the loss of sensitive information.

'The California standard has become a de facto national standard' in the handling of personal data and data breaches, said state Sen. Joe Simitian. Although he supported a national law, he warned that it should not weaken requirements already in place in most states. 'Let's not sacrifice it on the altar of federal regulation.'

Simitian was recognized with an award for excellence in the field of public policy Tuesday at this week's RSA IT security conference. He wrote the bill passed four years ago that raised the profile of the problem of the loss of personal information being held by many organizations.

The law was based on the principle that 'what you don't know can hurt you,' Simitian said.

He credited it not only with helping consumers, but with spurring improved security practices. Since the law's passage, more than 30 states have passed similar laws, and breaches of data on more than 100 million individuals have been publicly reported.

At least six data breach bills were introduced in the last Congress, although none made it out of committee. Similar bills are expected to be reintroduced in the current congress. Industry would like to have a single national law rather than deal with a patchwork of state requirements.

Simitian warned an audience of 4,000 security professionals that a weak national law that overrides stronger state laws would not serve the country well.

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected